CVE-2021-41495

Publication date 17 December 2021

Last updated 4 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

Description

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place

Status

Package Ubuntu Release Status
numpy 23.04 lunar
Not affected
22.10 kinetic
Fixed 1:1.21.5-1ubuntu22.10.1
22.04 LTS jammy
Fixed 1:1.21.5-1ubuntu22.04.1
21.10 impish Ignored end of life
21.04 hirsute Ignored end of life
20.04 LTS focal
Fixed 1:1.17.4-5ubuntu3.1
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.3 · Medium

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-5763-1
    • NumPy vulnerabilities
    • 7 December 2022

Other references

Access our resources on patching vulnerabilities